CN103780450B - The detection method and system of browser access network address - Google Patents

The detection method and system of browser access network address Download PDF

Info

Publication number
CN103780450B
CN103780450B CN201210410486.7A CN201210410486A CN103780450B CN 103780450 B CN103780450 B CN 103780450B CN 201210410486 A CN201210410486 A CN 201210410486A CN 103780450 B CN103780450 B CN 103780450B
Authority
CN
China
Prior art keywords
network address
browser
address
terminal
web page
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210410486.7A
Other languages
Chinese (zh)
Other versions
CN103780450A (en
Inventor
汤文亮
区小东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201210410486.7A priority Critical patent/CN103780450B/en
Priority to PCT/CN2013/085736 priority patent/WO2014063622A1/en
Priority to US14/142,491 priority patent/US9241006B2/en
Publication of CN103780450A publication Critical patent/CN103780450A/en
Application granted granted Critical
Publication of CN103780450B publication Critical patent/CN103780450B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/535Tracking the activity of the user

Abstract

The present invention provides a kind of detection method of browser access network address, includes the following steps: that the networking operation generated to the software of terminal is monitored and intercepts the web page address of networking;First kind network address is detected from the web page address;When the browser of the terminal is currently running and the history of browser access network address is identical as the first kind network address, the browser access first kind network address is judged.Further, it would be desirable to provide a kind of detection systems of browser access network address, technology of the invention, it can accurately detect that browser attempts to access that the behavior of first kind network address, realize the accurate measurements to browser networking behavior, improve the subsequent precision that browser networking behavior is prompted or intercepted.

Description

The detection method and system of browser access network address
Technical field
The present invention relates to Network Monitoring Technologies, more particularly to the detection method and system of a kind of browser access network address.
Background technique
In the terminal that can run multiple networking softwares, including front stage operation software and running background software, for can be with For the terminal for accessing internet, browser is that terminal generates the software of networking behavior more frequently, complicated, so for browsing Device networking behavior implementing monitoring, is the pith for protecting terminal system safety.
Traditional terminal networking monitoring technology connects restricted net during the monitoring to software, when monitoring software When location, corresponding prompt can be made or intercepted, but third party's monitoring as networking behavior, monitoring side can not know link The behavior of restricted network address is triggered by which software, is merely able to examine the restricted net of the softward interview for monitoring terminal Location, so, due to lacking the accurate measurements to browser networking behavior, if browser has accessed restricted network address, tradition Terminal networking monitoring technology can not detect it is that browser accesses restricted network address, go to can not network to browser It accurately prompts or intercepts to execute.
Summary of the invention
Based on this, it is necessary to provide a kind of detection side of the browser access network address of energy accurate measurements browser networking behavior Method.
A kind of detection method of browser access network address, includes the following steps:
The networking operation that the software of terminal generates is monitored and intercepts the web page address of networking;
First kind network address is detected from the web page address;
When the browser of the terminal is currently running and the history of the browser access network address and first kind network address When identical, the browser access first kind network address is judged.
In addition, there is a need to provide a kind of detection system of the browser access network address of energy accurate measurements browser networking behavior System.
A kind of detection system of browser access network address, comprising:
Monitoring module, the networking operation for the software generation to terminal are monitored and intercept the web page address of networking;
Detection module, for detecting first kind network address from the web page address;
Judgment module, is currently running for the browser when the terminal and the history of the browser accesses network address and institute State first kind network address it is identical when, judge browser access first kind network address.
The detection method and system of above-mentioned browser access network address are produced by the networking behavior of monitor terminal software in terminal When raw and first kind network address is attached, further judged whether by the historical record and its operating status that detect browser clear Device of looking at accesses first kind network address, can accurately detect that browser attempts to access that the behavior of first kind network address, realize to clear The accurate measurements of device of looking at networking behavior improve the subsequent precision that browser networking behavior is prompted or intercepted.
Detailed description of the invention
Fig. 1 is that the browser of one embodiment accesses the detection method flow chart of network address;
Fig. 2 is the structural schematic diagram that the browser of one embodiment accesses the detection system of network address.
Specific embodiment
The specific embodiment work of the detection method of browser access network address of the invention is retouched in detail with reference to the accompanying drawing It states.
Fig. 1 is that the browser of one embodiment accesses the detection method flow chart of network address, is mainly included the following steps:
Step S10 is monitored the networking operation that the software of terminal generates and intercepts the web page address (URL) of networking.
In this step, mainly the networking behavior for the software installed is monitored in real time in local terminal, one In a embodiment, step S10 specifically comprises the following steps:
In the behavior of the softward interview network of the real-time monitor terminal of the bottom of operating system.
Specifically, it can use the softward interview of the real-time monitor terminal of network firewall of injection terminal operating system bottom The behavior of network.For example, for the Android system for being widely used in the wireless terminals such as mobile phone, portable computer at present, Ke Yitong The IpTable component of injection Android system bottom is crossed to monitor all networking behaviors of all softwares in local terminal.
When listening to software in above-mentioned snoop procedure and being networked, the web page address of interception networking request.
Step S30 detects first kind network address from the web page address.
In this step, first kind network address is mainly detected using the network address database of background server, in a reality It applies in example, step S30 specifically comprises the following steps:
Firstly, the web page address of interception is transmitted to server end.
Then, the web page address received is matched with the first kind network address prestored in server end, if matching at Function, then determine corresponding web page address for first kind network address, and by determine result be back to terminal.
Specifically, by the domain name whole of the web page address accessed or interception fractional transmission to background server, backstage is taken Business identical web page address is matched in URL library, and inquire the domain name whether be the first kind address to be detected.Wherein, net All kinds of webpage network address and its attribute are recorded in the library of location.
For example, whether the web page address that detect wireless terminal networking is Malware, including fraud is deducted fees, false fishing The network address such as fish, pornographic webpage and various viral wooden horses, it is assumed that the web page address for being transmitted to background server is Www.ppp333.com, and include www.ppp333.com in the URL library of background server, and the network address is registered as pornographic Network address, successful match then determine that the result of judgement for the pornographic network address of malice, is back to terminal by the network address.
It should be noted that can also detect first kind net using other technological means in addition to above-mentioned detection mode Location, for example, carrying out matching detection first kind network address in the way of local data base.
Step S50, when the browser of the terminal is currently running and the history of browser access network address and described the When a kind of network address is identical, the browser access first kind network address is judged.
In this step, mainly after detecting terminal access first kind network address, further according to the history of browser Record and operating status are to determine whether attempt to access that first kind network address for browser, in one embodiment, step S50 is specific Include the following steps:
Firstly, reading the history access network address in the historical record of the browser of the terminal.
Then, judge whether the history access network address and the first kind network address are equal, if so, further judging institute State the operating status of browser;If the browser is currently running, determine that the browser attempts to access that first kind network address.
The operating status of browser can be judged with the program interface functions of call operation system, for example, calling Android system The API that unites inquires currently running program, can obtain the browser execution state of Android system.
It in one embodiment, further will be described after the step of judging the browser access first kind network address The relevant information of browser access first kind network address is shown.
It is shown by relevant information, intuitive prompt can be provided for user, instruct user to carry out other corresponding Operation, for example, the networking behavior that can be directed to browser is made accurately when detecting that browser is accessing malice network address Prompt/interception, or prompt user carry out corresponding intercept and operate, and ensure that the system safety of terminal.
With reference to the accompanying drawing to the specific embodiment of the detection method correspondence system of browser access network address of the invention It is described in detail.
Fig. 2 is that the browser of one embodiment accesses the detection system structure of network address, specifically includes that monitoring module 10, detection module 30 and judgment module 50.
Monitoring module 10, the networking operation for the software generation to terminal is with being monitored and intercept the webpage of networking Location.
In the present embodiment, monitoring module 10 is mainly to carry out in fact in local terminal to the networking behavior for the software installed When monitor, as one embodiment, monitoring module 10 is further used for:
In the behavior of the softward interview network of the real-time monitor terminal of the bottom of the operating system of terminal;When listen to software into When row networking, the web page address of interception networking request.
Detection module 30, for detecting first kind network address from the web page address.
In the present embodiment, detection module 30 mainly detects first kind net using the network address database of background server Location, as one embodiment, detection module 30 is further used for:
The web page address of interception is transmitted to server end.
The web page address received is matched with the first kind network address prestored in server end, if successful match, Determine corresponding web page address for first kind network address, and by determine result be back to terminal.
Specifically, the domain name of the web page address accessed is transmitted to background server, background service is in safe URL library It is middle to match identical web page address, and the domain name is inquired with the presence or absence of safety problem.Wherein, all kinds of nets are recorded in safe URL library Page network address and its attribute.
Judgment module 50, for when the terminal browser be currently running and the history of the browser access network address with When the first kind network address is identical, the browser access first kind network address is judged.
In the present embodiment, judgment module 50 is mainly after detecting terminal access first kind network address, further basis Historical record and the operating status of browser are to determine whether attempt to access that first kind network address for browser, as an implementation Example, judgment module 50 are further used for:
Read the history access network address in the historical record of the browser of the terminal.
Judge whether the history access network address and the first kind network address are equal, if so, further judging described clear Look at the operating status of device;If the browser is currently running, determine that the browser attempts to access that first kind network address.
In one embodiment, judgment module 50 further will after judging the browser access first kind network address The relevant information of the browser access first kind network address is shown.
It is shown by relevant information, intuitive prompt can be provided for user, instruct user to carry out other corresponding Operation, for example, the networking behavior that can be directed to browser is made accurately when detecting that browser is accessing malice network address Prompt/interception, or prompt user carry out corresponding intercept and operate, and ensure that the system safety of terminal.
The detection method one of the detection system of browser access network address of the invention and browser access network address of the invention One is corresponding, is applicable in the technical characteristic and its advantages of the embodiment elaboration of the detection method of above-mentioned browser access network address In the embodiment of the detection system of browser access network address.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above embodiment, and corresponding System, be that relevant hardware can be instructed to complete by computer program, the program can be stored in a computer In read/write memory medium, the program is when being executed, it may include such as the process of the respective embodiments described above.Wherein, the storage Medium can be magnetic disk, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access Memory, RAM) etc..
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously Limitations on the scope of the patent of the present invention therefore cannot be interpreted as.It should be pointed out that for those of ordinary skill in the art For, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to guarantor of the invention Protect range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.

Claims (10)

1. a kind of detection method of browser access network address, which comprises the steps of:
The networking operation that the software of terminal generates is monitored and intercepts the web page address of networking;
First kind network address is detected from the web page address;Wherein, the first kind network address is the network address prestored;
When the browser of the terminal be currently running and the history of the browser access network address it is identical as the first kind network address When, judge that the browser attempts to access that first kind network address.
2. the detection method of browser access network address according to claim 1, which is characterized in that the software to terminal The networking operation of generation is monitored and includes: the step of intercepting the web page address of networking
In the behavior of the softward interview network of the real-time monitor terminal of the bottom of the operating system of terminal;
When listening to software and being networked, the web page address of interception networking request.
3. the detection method of browser according to claim 1 access network address, which is characterized in that it is described from the webpage The step of first kind network address is detected in location include:
The web page address is transmitted to server end;
The web page address is matched with the first kind network address prestored in the server end;
The web page address is determined if successful match for first kind network address and will determine that result is back to terminal.
4. the detection method of browser according to claim 1 access network address, which is characterized in that described when the terminal When browser is currently running and the history of browser access network address is identical as the first kind network address, the browser is determined The step of accessing first kind network address include:
Read the history access network address in the historical record of the browser of the terminal;
Judge whether the history access network address and the first kind network address are equal, if so, further judging the browser Operating status;
If the browser is currently running, determine that the browser attempts to access that first kind network address.
5. the detection method of browser access network address according to any one of claims 1 to 4, which is characterized in that judging Out after the browser access first kind network address, further includes:
The relevant information of browser access first kind network address is shown.
6. a kind of detection system of browser access network address characterized by comprising
Monitoring module, the networking operation for the software generation to terminal are monitored and intercept the web page address of networking;
Detection module, for detecting first kind network address from the web page address;Wherein, the first kind network address prestores Network address;
Judgment module, is currently running and the history of browser access network address and described for the browser when the terminal When a kind of network address is identical, judge that the browser attempts to access that first kind network address.
7. the detection system of browser according to claim 6 access network address, which is characterized in that the monitoring module is into one Step is used for:
In the behavior of the softward interview network of the real-time monitor terminal of the bottom of the operating system of terminal;
When listening to software and being networked, the web page address of interception networking request.
8. the detection system of browser according to claim 6 access network address, which is characterized in that the judgment module is into one Step is used for:
The web page address is transmitted to server end;
The web page address is matched with the first kind network address prestored in the server end;
The web page address is determined if successful match for first kind network address and will determine that result is back to terminal.
9. the detection system of browser according to claim 6 access network address, which is characterized in that the judgment module is into one Step is used for:
Read the history access network address in the historical record of the browser of the terminal;
Judge whether the history access network address and the first kind network address are equal, if so, further judging the browser Operating status;
If the browser is currently running, determine that the browser attempts to access that first kind network address.
10. according to the detection system of the described in any item browser access network address of claim 6 to 9, which is characterized in that described to sentence Disconnected module is also used to:
The relevant information of browser access first kind network address is shown.
CN201210410486.7A 2012-10-24 2012-10-24 The detection method and system of browser access network address Active CN103780450B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201210410486.7A CN103780450B (en) 2012-10-24 2012-10-24 The detection method and system of browser access network address
PCT/CN2013/085736 WO2014063622A1 (en) 2012-10-24 2013-10-23 Method and system for detecting website visit attempts by browsers
US14/142,491 US9241006B2 (en) 2012-10-24 2013-12-27 Method and system for detecting website visit attempts by browsers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210410486.7A CN103780450B (en) 2012-10-24 2012-10-24 The detection method and system of browser access network address

Publications (2)

Publication Number Publication Date
CN103780450A CN103780450A (en) 2014-05-07
CN103780450B true CN103780450B (en) 2019-03-01

Family

ID=50544021

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210410486.7A Active CN103780450B (en) 2012-10-24 2012-10-24 The detection method and system of browser access network address

Country Status (2)

Country Link
CN (1) CN103780450B (en)
WO (1) WO2014063622A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100061B (en) 2015-06-19 2018-09-04 小米科技有限责任公司 Network address kidnaps the method and device of detection
CN110769423B (en) * 2018-09-26 2021-12-14 北京嘀嘀无限科技发展有限公司 Automobile data recorder control method and device and automobile data recorder
CN111092863B (en) * 2019-11-29 2022-12-23 视联动力信息技术股份有限公司 Method, client, server, device and medium for accessing internet website
CN111431852B (en) * 2020-02-21 2021-06-25 厦门大学 Browser history sniffing method and browser history monitoring method
CN111372205A (en) * 2020-02-28 2020-07-03 维沃移动通信有限公司 Information prompting method and electronic equipment
CN112600863A (en) * 2021-03-04 2021-04-02 南京敏宇数行信息技术有限公司 Safe remote access system and method
CN113612768B (en) * 2021-08-02 2023-10-17 北京知道创宇信息技术股份有限公司 Network protection method and related device
CN113949731A (en) * 2021-10-12 2022-01-18 深兰科技(上海)有限公司 Network automatic connection method, device, medium and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859398A (en) * 2006-01-05 2006-11-08 珠海金山软件股份有限公司 System and method for reverse network fishing
CN1949715A (en) * 2005-10-12 2007-04-18 腾讯科技(深圳)有限公司 Method for limiting browser access network address
CN102402620A (en) * 2011-12-26 2012-04-04 余姚市供电局 Method and system for defending malicious webpage

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090157859A1 (en) * 2007-12-17 2009-06-18 Morris Robert P Methods And Systems For Accessing A Resource Based On URN Scheme Modifiers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1949715A (en) * 2005-10-12 2007-04-18 腾讯科技(深圳)有限公司 Method for limiting browser access network address
CN1859398A (en) * 2006-01-05 2006-11-08 珠海金山软件股份有限公司 System and method for reverse network fishing
CN102402620A (en) * 2011-12-26 2012-04-04 余姚市供电局 Method and system for defending malicious webpage

Also Published As

Publication number Publication date
WO2014063622A1 (en) 2014-05-01
CN103780450A (en) 2014-05-07

Similar Documents

Publication Publication Date Title
CN103780450B (en) The detection method and system of browser access network address
CN110472414A (en) Detection method, device, terminal device and the medium of system vulnerability
CN108664793B (en) Method and device for detecting vulnerability
EP2852913B1 (en) Method and apparatus for determining malicious program
CN103368957B (en) Method and system that web page access behavior is processed, client, server
CN109660502A (en) Detection method, device, equipment and the storage medium of abnormal behaviour
KR102355973B1 (en) Apparatus and method for detecting smishing message
CN103856471B (en) cross-site scripting attack monitoring system and method
CN103746992B (en) Based on reverse intruding detection system and method thereof
CN108696490A (en) The recognition methods of account permission and device
CN102592089B (en) Detection method and detection device for webpage redirection skip loophole
CN104361281B (en) A kind of solution of Android platform phishing attack
CN108989355A (en) A kind of leak detection method and device
CN107579997A (en) Wireless network intrusion detection system
CN103605924A (en) Method and device for preventing malicious program from attacking online payment page
CN110516448A (en) A kind of grey box testing method, apparatus, equipment and readable storage medium storing program for executing
CN104182681B (en) Hook-based iOS (iPhone operating system) key behavior detection device and detection method thereof
CN107302586A (en) A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing
CN102045319A (en) Method and device for detecting SQL (Structured Query Language) injection attack
CN108769070A (en) One kind is gone beyond one's commission leak detection method and device
CN107770125A (en) A kind of network security emergency response method and emergency response platform
CN106998335A (en) A kind of leak detection method, gateway device, browser and system
WO2019144548A1 (en) Security test method, apparatus, computer device and storage medium
CN107896219A (en) A kind of detection method, system and the relevant apparatus of website fragility
CN102970282A (en) Website security detection system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant